[j-nsp] OpenSSH V5.1 with ScreenOS

Ross Vandegrift ross at kallisti.us
Tue Sep 2 10:15:40 EDT 2008


On Mon, Sep 01, 2008 at 09:28:02PM +0200, Marek Lukaszuk wrote:
> On Mon, Sep 1, 2008 at 17:53, Ross Vandegrift <ross at kallisti.us> wrote:
> > Looks like something changed during a recent upgrade to OpenSSH V5.1.
> > When connecting to ScreenOS firewalls, the firewall closes the
> > connection as soon as authentication has passed.
> >
> > We've got a ticket open with JTAC, but I'm not sure it's going to go
> > anywhere quickly.  I've run into different quirks with Netscreen-SSH
> > before, so I'm guessing there's some new option that confuses the
> > firewall.  Anyone run into this and found a workaround?
> 
> I just tried and it works for me, I got those options in my .ssh/config
> 
> host  netscreen*
>         Ciphers blowfish-cbc,aes256-ctr,aes256-cbc,3des-cbc
>         KeepAlive no
>         TCPKeepAlive no
>         Compression no
> 
>  > ssh -V
> OpenSSH_5.1p1 Debian-2, OpenSSL 0.9.8g 19 Oct 2007
> 
> I don't have any problems connecting.

Hmmm, very weird.  Are you using older ScreenOS releases?  Our boxes
are all 5.4 or newer.  I've tried the above options, as well as
disabling Agent forwarding, X11 forwarding, tunnelling, send
environment to no avail.



-- 
Ross Vandegrift
ross at kallisti.us

"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
	--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37

